AWS Security Agent (securityagent)

2026-03-26

3 new actions, 3 new conditions | 5 updated resources, 9 updated actions | 20 removed actions, 7 removed resources

Additions

    Actions
  • ListTagsForResource
    • Description:  Grants permission to list the tags for a resource
    • Access:  Read
    • Resources: 

      Name: AgentSpace

      Required: No

      Name: Application

      Required: No

      Name: Integration

      Required: No

      Name: SecurityRequirementPack

      Required: No

      Name: TargetDomain

      Required: No

  • TagResource
    • Description:  Grants permission to add tags to a resource
    • Access:  Tagging
    • Resources: 

      Name: AgentSpace

      Required: No

      Name: Application

      Required: No

      Name: Integration

      Required: No

      Name: SecurityRequirementPack

      Required: No

      Name: TargetDomain

      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • UntagResource
    • Description:  Grants permission to remove tags from a resource
    • Access:  Tagging
    • Resources: 

      Name: AgentSpace

      Required: No

      Name: Application

      Required: No

      Name: Integration

      Required: No

      Name: SecurityRequirementPack

      Required: No

      Name: TargetDomain

      Required: No

    • Conditions: 

      aws:TagKeys

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString

Updates

    Resources
  • SecurityRequirementPack
      Arn
    • Old: arn:${Partition}:securityagent:${Region}:${Account}:control/${ControlId}
      New: arn:${Partition}:securityagent:${Region}:${Account}:security-requirement-pack/${SecurityRequirementPackId}
      Conditions
    • + aws:ResourceTag/${TagKey}

  • Application
      Conditions
    • + aws:ResourceTag/${TagKey}
  • SecurityRequirement
      Conditions
    • + aws:ResourceTag/${TagKey}
  • Integration
      Conditions
    • + aws:ResourceTag/${TagKey}
  • AgentInstance
      Conditions
    • + aws:ResourceTag/${TagKey}
    Actions
  • ListIntegrations
      Resources
    • + SecurityRequirementPack (Required: Yes)
    • - SecurityRequirement (Required: Yes)
  • GetArtifact
      Resources
    • + SecurityRequirementPack (Required: Yes)
    • - SecurityRequirement (Required: Yes)
  • ListTargetDomains
      Resources
    • + SecurityRequirementPack (Required: Yes)
    • - SecurityRequirement (Required: Yes)
  • DeleteApplication
      Resources
    • + SecurityRequirementPack (Required: Yes)
    • - SecurityRequirement (Required: Yes)
  • CreateIntegration
      Resources
    • + SecurityRequirementPack (Required: Yes)
    • - Application (Required: Yes)
  • BatchGetTargetDomains
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • BatchGetTasks
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • CreateAgentSpace
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • ListAgentSpaces
      Resources
    • + SecurityRequirementPack

Deletions

    Actions
  • AddControl
    • Description:  Grants permission to add a customer managed Control
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • BatchGetAgentInstances
    • Description:  Grants permission to retrieve multiple agent instances in a single request
    • Access:  Read
    • Resources: 

      Name: AgentInstance

      Required: Yes

  • CreateAgentInstance
    • Description:  Grants permission to create an agent instance record
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • CreateDocumentReview
    • Description:  Grants permission to create a document review
    • Access:  Write
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • DeleteAgentInstance
    • Description:  Grants permission to delete an agent instance record
    • Access:  Write
    • Resources: 

      Name: AgentInstance

      Required: Yes

  • DeleteControl
    • Description:  Grants permission to delete a customer managed Control
    • Access:  Write
    • Resources: 

      Name: Control

      Required: Yes

  • DeleteDocumentReview
    • Description:  Grants permission to delete a document review
    • Access:  Write
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • GetControl
    • Description:  Grants permission to retrieve a Control
    • Access:  Read
    • Resources: 

      Name: Control

      Required: Yes

  • GetDocumentReview
    • Description:  Grants permission to get the status of the associated agent instance document review
    • Access:  Read
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • GetDocumentReviewArtifact
    • Description:  Grants permission to get document review artifact for a specific document
    • Access:  Read
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • GetLoginSessionCredentials
    • Description:  Grants permission to retrieve credentials for a one time login session
    • Access:  Read
  • HandleOneTimeLoginSession
    • Description:  Grants permission to process and invalidate a one time login session
    • Access:  Write
  • ListAgentInstanceTasks
    • Description:  Grants permission to list tasks for a specific agent instance
    • Access:  List
    • Resources: 

      Name: AgentInstance

      Required: Yes

  • ListAgentInstances
    • Description:  Grants permission to list agent instances
    • Access:  List
  • ListControls
    • Description:  Grants permission to list all Controls
    • Access:  List
  • ListDocumentReviewComments
    • Description:  Grants permission to list document review comments
    • Access:  List
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • ListDocumentReviews
    • Description:  Grants permission to list all document reviews for the given project
    • Access:  List
    • Resources: 

      Name: AgentSpace

      Required: Yes

  • ToggleManagedControl
    • Description:  Grants permission to toggle the status
    • Access:  Write
    • Resources: 

      Name: Control

      Required: Yes

  • UpdateAgentInstance
    • Description:  Grants permission to update an agent instance record
    • Access:  Write
    • Resources: 

      Name: AgentInstance

      Required: Yes

  • UpdateControl
    • Description:  Grants permission to update a customer managed Control
    • Access:  Write
    • Resources: 

      Name: Control

      Required: Yes

    Resources
  • SecurityRequirement
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:security-requirement/${SecurityRequirementId}
  • AgentInstance
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-instance/${AgentId}
  • Artifact
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/artifact/${ArtifactId}
  • Pentest
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest/${PentestId}
  • PentestJob
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest-job/${JobId}
  • PentestTask
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest-task/${TaskId}
  • Finding
    • Arn:  arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/finding/${FindingId}